Sqreen

Complete application security that is easy to install, configure and manage Starting at $0/mo.

Holistic protection

Combine HTTP and application-level security signals to more effectively identify and block attacks.

  • Block attacks from the OWASP top 10, including Cross-Site Scripting (XSS), SQL injections, or Server-Side Request Forgery (SSRF).
  • Combine multiple protections into one: RASP (Runtime Application Self-Protection), In-App WAF (Web Application Firewall), Account Takeovers, and more.
  • Leverage the full execution context of requests and block critical attacks without generating false positives.
  • Prevent business logic attacks with out-of-the-box playbooks that cover feature abuses, shared users accounts and more.
Easy to use

Get started in minutes with Smart Stack Detection that automatically optimizes your configuration.

  • Deploy Sqreen’s microagents in minutes on any type of architecture.
  • Continuously adapt protections to your evolving application’s stack without manual configurations required.
  • Don’t block legitimate traffic or slow down your engineers.
  • Integrate Sqreen into your workflow with native integrations, webhooks, and APIs.
Actionable insights

Reduce alert fatigue and receive notifications on only the incidents that matter.

  • Always stay one step ahead of attackers with incidents alerting you in real-time only in case of a critical attack.
  • Go beyond an IP and investigate malicious activities by linking security activities to authenticated users.
  • Fasten vulnerability remediation with stacktraces pinpointing the vulnerable line of code.
  • Drill down into user and IP activity timelines to identify attackers before they cause harm.
Easy install and maintenance

Get started in under 5 mins. No code changes, heavy configuration, or maintenance required.

Built for scale

Limited performance impact (2-5% CPU). No memory overhead. We already run on some of the worlds’ largest applications, in production.

Works with your toolchain

Use our Slack, New Relic, or PagerDuty integrations or use webhooks to integrate with the tools you love.

Private by design

Sqreen doesn’t redirect your traffic and automatically scrubs PII from inside your application.

Meet your compliance requirements

Sqreen helps you complete vendor security questionnaires faster and meet your application security compliance requirements on OWASP Top 10, SOC2, GDPR, PCI, and more.

Trusted by 800+ customers
  • “It’s a great feeling to know that some things are taken care of on the security front in a way that doesn’t degrade the performance of our applications. The impact is minimal and we’re more secure. The signal-to-noise ratio is great, so I only have to break my flow to focus on security issues when it’s merited.” Guillaume Luccisano, CTO at Triplebyte
  • “With Sqreen, we’ve been able to deal with some major attacks with ease over the past year. On top of that, the number of false positives is negligible, if not zero, which is a fantastic benefit. I know I only have to spring into action if it’s merited!” Richard Grey, Head of Information Security at Freeagent
  • “Sqreen delivers the security monitoring that Algolia needs to able to confidently promise a tier-one service to our customers.” Sylvain Utard, VP Engineering at Algolia

Read more customer stories

Region Availability

The available application locations for this add-on are shown below, and depend on whether the application is deployed to a Common Runtime region or Private Space. Learn More

  • Common Runtime
  • Private Spaces
Region Available
United States Available
Europe Available
Region Available Installable in Space
Virginia Available
Oregon Available
Frankfurt Available
Tokyo Available
Sydney Available
Dublin Available

Plans & Pricing

    • Real-time security dashboards
    • Application vulnerabilities
    • Attack logs
    • Security Report
    • Security Flow Map
    • Attacker timeline
    • Account Takeover Protection
    • In-App Web Application Firewall (WAF)
    • Runtime Application Self-Protection (RASP)
    • Built-in security automation
    • Advanced configurations
    • Advanced protections
    • Smart Content Security Policy (CSP)
    • Unbranded blocking page
    • Number of apps 1
    • Monitored Requests / month 1 million
    • Data Retention 1 day
    • Number of seats 1
    • Basic Team Permissions
    • Advanced Team Permissions
    • SSO / SAML
    • Audit logs
    • Premium support and SLAs
    • Slack Integration
    • Webhooks
    • SIEM integrations
    • APIs
    • Real-time security dashboards
    • Application vulnerabilities
    • Attack logs
    • Security Report
    • Security Flow Map
    • Attacker timeline
    • Account Takeover Protection
    • In-App Web Application Firewall (WAF)
    • Runtime Application Self-Protection (RASP)
    • Built-in security automation
    • Advanced configurations
    • Advanced protections
    • Smart Content Security Policy (CSP)
    • Unbranded blocking page
    • Number of apps 1
    • Monitored Requests / month Up To 10 Million
    • Data Retention 30 days
    • Number of seats 3
    • Basic Team Permissions
    • Advanced Team Permissions
    • SSO / SAML
    • Audit logs
    • Premium support and SLAs
    • Slack Integration
    • Webhooks
    • SIEM integrations
    • APIs
    • Real-time security dashboards
    • Application vulnerabilities
    • Attack logs
    • Security Report
    • Security Flow Map
    • Attacker timeline
    • Account Takeover Protection
    • In-App Web Application Firewall (WAF)
    • Runtime Application Self-Protection (RASP)
    • Built-in security automation
    • Advanced configurations
    • Advanced protections
    • Smart Content Security Policy (CSP)
    • Unbranded blocking page
    • Number of apps 1
    • Monitored Requests / month Up To 20 Million
    • Data Retention 30 days
    • Number of seats 5
    • Basic Team Permissions
    • Advanced Team Permissions
    • SSO / SAML
    • Audit logs
    • Premium support and SLAs
    • Slack Integration
    • Webhooks
    • SIEM integrations
    • APIs
    • Real-time security dashboards
    • Application vulnerabilities
    • Attack logs
    • Security Report
    • Security Flow Map
    • Attacker timeline
    • Account Takeover Protection
    • In-App Web Application Firewall (WAF)
    • Runtime Application Self-Protection (RASP)
    • Built-in security automation
    • Advanced configurations
    • Advanced protections
    • Smart Content Security Policy (CSP)
    • Unbranded blocking page
    • Number of apps 1
    • Monitored Requests / month Up To 100 Million
    • Data Retention 30 days
    • Number of seats 10
    • Basic Team Permissions
    • Advanced Team Permissions
    • SSO / SAML
    • Audit logs
    • Premium support and SLAs
    • Slack Integration
    • Webhooks
    • SIEM integrations
    • APIs
    • Real-time security dashboards
    • Application vulnerabilities
    • Attack logs
    • Security Report
    • Security Flow Map
    • Attacker timeline
    • Account Takeover Protection
    • In-App Web Application Firewall (WAF)
    • Runtime Application Self-Protection (RASP)
    • Built-in security automation
    • Advanced configurations
    • Advanced protections
    • Smart Content Security Policy (CSP)
    • Unbranded blocking page
    • Number of apps 1
    • Monitored Requests / month Up To 300 Million
    • Data Retention 60 days
    • Number of seats 20
    • Basic Team Permissions
    • Advanced Team Permissions
    • SSO / SAML
    • Audit logs
    • Premium support and SLAs
    • Slack Integration
    • Webhooks
    • SIEM integrations
    • APIs
Install Sqreen
heroku addons:create sqreen

To provision, copy the snippet into your CLI or use the install button above.

Sqreen Documentation